Session
Stanford University
Brittan Heller, Lecturer at Stanford University and Stanford Law School, Academia/Civil Society, North America.
Brittan Heller, Lecturer at Stanford University and Stanford Law School, Academia/Civil Society, North America.
Brittan Heller (lightning talk)
Brittan Heller (lightning talk)
9. Industry, Innovation and Infrastructure
10. Reduced Inequalities
16. Peace, Justice and Strong Institutions
Targets: Brittan Heller's proposed lightning talk on privacy and human rights in the context of 3D computing and XR technologies intersects with several United Nations Sustainable Development Goals (SDGs): SDG 9: Industry, Innovation, and Infrastructure - This goal focuses on building resilient infrastructure, promoting inclusive and sustainable industrialization, and fostering innovation. Heller's discussion on developing new privacy frameworks to accommodate emerging technologies fits well with promoting sustainable technological advancements and ensuring that new infrastructures (like XR devices) are safe and inclusive. SDG 16: Peace, Justice, and Strong Institutions - This goal emphasizes promoting peaceful and inclusive societies for sustainable development, providing access to justice for all, and building effective, accountable institutions at all levels. Heller's focus on privacy, human rights, and safety directly aligns with ensuring strong legal frameworks and protections for individuals in the digital age. SDG 10: Reduced Inequalities - This goal aims to reduce inequality within and among countries. The talk's emphasis on privacy and human rights within new technological frameworks touches on ensuring that these innovations do not exacerbate existing inequalities or create new forms of digital divide.
Lightning Talk
Join technology and human rights expert Brittan Heller as she explores how the internet is evolving with new 3D computing technologies like XR glasses. These spatial computing devices blend our physical and digital worlds by collecting detailed data about our surroundings and our personal reactions. In her talk, Heller will explain why traditional ways of protecting our privacy, such as opting out, may no longer be effective in this new digital landscape. Specifically, in what she calls the "embodied web," users cannot opt out if their body's information is required to calibrate the hardware. Heller will discuss the risks associated with XR technologies, including how they might use our own involuntary biometric responses for targeted advertising. Additionally, she will address how personal identifying information can be extracted from seemingly anonymous data, such as the way someone points, to uniquely identify them even in large crowds. She emphasizes the importance of developing new privacy rules that can address these emerging challenges while the technology is still in its early stages. Her talk will focus on what these changes mean for our privacy, rights, and safety as we delve deeper into the world of spatial computing. Heller’s talk underscores the need to harness innovation and balance risks in digital space.
You can learn more about her ideas in her lecture for the Stanford Cyber Policy Center ([https://www.youtube.com/watch?v=F0zhkvM_iGY](https://www.youtube.com/wa…)) or in her paper ([https://scholarship.law.vanderbilt.edu/jetlaw/vol23/iss1/1/](https://scholarship.law.vanderbilt.edu/jetlaw/vol23/iss1/1/)).
Report
Traditional Privacy Safeguards Are Insufficient: In the embodied web, where XR and 3D computing technologies seamlessly integrate physical and digital realities, opting out or anonymization no longer provides adequate privacy protections. Biometric and behavioral data are inherently tied to individuals and cannot be effectively shielded under traditional frameworks.
Biometric Data Creates New Risks: XR devices collect and utilize involuntary biometric data, such as eye movements, heart rate, or gestures, for functionality and personalization. This data can be repurposed for targeted advertising or de-anonymized to uniquely identify individuals, raising concerns about misuse and lack of informed consent.
Urgent Need for Proactive Governance: To protect users, we must develop new privacy frameworks that account for the unique challenges posed by spatial computing technologies. Delaying regulation risks embedding exploitative practices into the infrastructure of the next-generation internet.
Engage users, developers, and organizations in conversations about the implications of embodied web technologies: Encourage transparency in how data is collected, stored, and used, empowering individuals to demand accountability.
Promote Global Collaboration on Privacy Regulation: Push for international cooperation to establish interoperable privacy frameworks that safeguard human rights while enabling technological progress across borders.
Session Report: The Embodied Web: Rethinking Privacy in 3D Computing
Speaker: Brittan Heller, Lecturer at Stanford University
Event: IGF 2024
In her session at IGF 2024, Brittan Heller discussed the evolving landscape of privacy in the context of spatial computing, highlighting the unique challenges posed by immersive technologies like artificial intelligence (AI), virtual reality (VR), augmented reality (AR), and extended reality (XR). Heller framed the discussion around her concept of the "embodied web," where digital interactions are no longer confined to traditional screen-based experiences but instead engage with users' bodies, movements, and physiological responses.
Transition to an Embodied Digital Environment
Heller began by presenting a scenario in which a user’s physical responses, such as changes in heart rate and pupil dilation, are tracked during interactions in a VR racing game. This example illustrated the degree to which spatial computing technologies gather personal, body-based data, which may be shared or exploited by advertisers and data brokers. As the world transitions from the traditional web to these immersive digital environments, privacy must be rethought to address the increasing complexity of data collection and use.
The Rise of Spatial Computing
Spatial computing—enabled by XR technologies—blends the physical and digital realms, providing users with deeply immersive experiences. While these technologies hold immense potential in fields such as gaming, healthcare, and education, they also come with substantial privacy risks. XR devices collect data ranging from physical movements and eye tracking to more sensitive information like users' emotional and physiological states, raising concerns about how this data is protected and used.
Challenges to Traditional Privacy Protections
Heller outlined the shortcomings of current privacy frameworks in addressing the challenges presented by spatial computing. Traditional opt-out mechanisms, often central to privacy laws like the GDPR, are ineffective in XR environments where bodily data is integral to the system's functionality. As biometric responses, such as eye movement or heart rate, become critical for navigation in VR and AR, the potential for misuse grows. Heller referenced a study from Berkeley that uniquely identified one person from a crowd of 55,000, based solely on the way the person tilted their head and pointed. She referenced another Berkeley study that demonstrated how personal attributes such as age, ethnicity, and gender could be inferred from VR motion data, underscoring the need for new approaches to data protection.
Privacy Risks and Ethical Concerns
The risks associated with XR technologies extend beyond traditional privacy violations. In addition to the risk of unauthorized data sharing and surveillance, Heller discussed the potential for manipulative practices using behavioral data. The granularity of information collected—such as physiological reactions to specific stimuli—could be used to influence user behavior, decisions, or purchases without their full awareness or consent.
Furthermore, the integration of Generative AI into XR environments amplifies these concerns. Tools such as NVIDIA’s platforms and OpenAI’s SHAP-E can generate complex 3D environments or objects from minimal input, raising additional privacy and ethical considerations. Heller emphasized the importance of integrating privacy-by-design principles in the development of these technologies.
The Need for New Privacy Frameworks
To address the emerging privacy challenges in spatial computing, Heller called for the creation of new privacy frameworks. She pointed out gaps in existing regulations, such as the GDPR's limited coverage of body-based data, and highlighted the need for laws that protect users' bodily and environmental data. She specifically noted Colorado's HB24-1058, which addresses neural data, as a promising example of early legislation aimed at safeguarding this type of sensitive information.
Implications for Human Rights and Safety
Heller underscored that spatial computing technologies must be deployed with respect for fundamental human rights. Privacy protections and user control over personal data are essential for fostering trust in these new technologies. Moreover, Heller discussed the broader societal implications of these technologies, aligning the need for ethical data protection with global goals such as reducing inequality (SDG 10) and promoting justice (SDG 16).
Conclusion: The Path Forward
Concluding her session, Heller emphasized that the transition to the embodied web presents both significant opportunities and challenges. While these technologies have the potential to transform industries and human experiences, it is crucial that privacy and ethical considerations evolve alongside them. Heller called for continued dialogue and collaboration to ensure that the future of spatial computing remains centered on user rights, transparency, and ethical innovation.